Ok, so now we get to the fun parts. I wanted to hide sections of my pre-scaffolded user interface (all that crud crud) behind an admin interface, so that I could keep it around but completely sculpt a new UI for players and the quiz master.

To do this, we need to secure the resources. There are several things we need to do: moving the resources to an /admin/ URL, then securing them by path to ROLE_ADMIN, then conveniently hiding the menu items we don't want shown.

Moving the controllers and views to /admin/

This part was relatively straightforward. We first had to modify the @RequestMapping annotation and the @RooWebScaffold annotation to point the controllers to /admin/controllername, as I show with the QuizController below:

As you see above, I've secured them using the new Spring Security 3.0 SPeL expressions hasRole('ROLE_NAME'), isAuthenticated() and permitAll(). The order is important here as Spring evaluates these from the top down, which is different from almost all Spring configuration elements. Keep that in mind when debugging.

We're going to allow everybody (for now) to access /member/ which is where I'm allowing people to register and play. Any role can do that, so I figure for now we'll ride with this.

Cleanup - fire up the Roo shell

You did remember to run the Roo shell when you started making these changes, right?

Fixing up our menus

Since Roo may have goofed up our menu URLs a bit if we did this wrong, go ahead and make sure all of your menu items are re-written correctly: